The distributed Discourse image (used by both self-hosters and on our SaaS platform) uses Debian OpenSSL 1.1.1n-0+deb11u3 and is not vulnerable to OpenSSL’s CVE-2022-3786 and CVE-2022-3602.
More details on the vulnerability can be found at CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows - OpenSSL Blog.